this page intentionally left blank

I could use some helium balloon amusement right now.

The hair has been cut. Finally.





It's shaggy. I like it. EL likes it. That's all that matters. It's a little new still and my hair has a serious attitude problem, but once I get it to stay all messy and not try to direct itself, it'll be all good.

Well, in case you didn't notice, my site was down. Apparently my ISP had some issues with the worm that caused an outage and the cable router than they issued me has a problem with renegotiating its network connection following an interruption. I have to get them to reload the router this morning to get connectivity back since I was out of town and couldn't cold boot it. No biggie. The SQL worm that spread this weekend cause some serious DoS issues that aggravated me and interrupted mine and EL's quality time. We have managed to still have a great time enjoying each other's company despite my work getting in the way. She has been very supportive and understanding of my responsibilities. She even came into the office and hung out while I had to put my troubleshooting hat on. She's the best.





We went to a park yesterday and jogged a bit before heading for the driving range. We never actually made it to the range because my cell phone decided to jump into the woods during our outing and we had to go search for it. I'm a dork. I was supposed to fly back this morning, but some work obligations are keeping me here a little longer. Coming into the office here is a small price to pay for spending a few extra moments with the woman I love.





I seriously need some more coffee. Thankfully, EL was very thoughtful this morning and made me some good java while I was getting ready for work. I went through that like a thirsty man in the desert. I had to be in super early this morning to ensure there were no more "issues" left from this weekend's fiasco. I think I heard crickets. No one was here until much later. Now that the office is buzzing with activity, I think I'll step across the street for some hot, dark, caffeinated lovin'...

"Slammer" fucking sucked. Kudos to the chap that wrote it though... not that I appreciate the extra hours at work, but it was definitely effective. It was probably some 8 year old kid that sneaks onto his dad's computer at night while he's sleeping because his PlayStation2 wasn't challenging enough. Damn kids. CERT Advisory CA-2003-04 MS-SQL Server Worm

Original release date: January 25, 2003
Source: CERT/CC

Systems Affected

* Microsoft SQL Server 2000

Overview

The CERT/CC has received reports of self-propagating malicious code
that exploits multiple vulnerabilities in the Resolution Service of
Microsoft SQL Server 2000. The propagation of this worm has caused
varied levels of network degradation across the Internet, in addition
to the compromise of vulnerable machines

I. Description

The worm targeting SQL Server computers is self-propagating malicious
code that most likely exploits two vulnerabilities in the Resolution
Service of Microsoft SQL Server 2000 vulnerabilities. The
vulnerability documented in VU#370308 allows the keep-alive
functionality employed by the SQL Server Resolution Service to launch
a denial of service against other hosts. Either the vulnerability
VU#399260 or VU#484891 allow for the execution of arbitrary code on
the SQL Server computer due to a buffer overflow.

VU#370308 - http://www.kb.cert.org/vuls/id/370308
VU#399260 - http://www.kb.cert.org/vuls/id/399260
VU#484891 - http://www.kb.cert.org/vuls/id/484891

Reports to the CERT/CC indicate that the high volume of 1434/udp
traffic generated between hosts infected with the worm targeting SQL
Server computers may itself lead to performance issues (including
possible denial-of-service conditions) on networks with infected
hosts.

Activity of this worm is readily identifiable on a network by the
presence of small UDP packets (we have received reports of 376-410
byte packets) from seemingly random IP addresses from across the
Internet to port 1434/udp.

II. Impact

Compromise by the worm indicates that a remote attacker can execute
arbitrary code as the local SYSTEM user on the victim system. It may
be possible for an attacker to subsequently leverage a local privilege
escalation exploit in order to gain Administrator access to the victim
system.

The high volume of 1434/udp traffic generated between hosts infected
with the worm may itself lead to performance issues on networks with
both infected and targeted, but non-vulnerable hosts.

III. Solution

Apply a patch

Administrators of all systems running Microsoft SQL Server 2000 are
encouraged to review CA-2002-22 and VU#370308 for detailed vendor
recommendations regarding installing the patch:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp

CA-2002-22 - http://www.cert.org/advisories/CA-2002-22.html
VU#370308 - http://www.kb.cert.org/vuls/id/370308


Ingress/Egress filtering

The following steps are only effective in limiting the damage that can
be done by systems already infected with the worm. They provide no
protection whatsoever against the initial infection of systems. As a
result, these steps are only recommended in addition to the
preventative steps outlined above, not in lieu thereof.

Ingress filtering manages the flow of traffic as it enters a network
under your administrative control. Servers are typically the only
machines that need to accept inbound traffic from the public Internet.
In the network usage policy of many sites, external hosts are only
permitted to initiate inbound traffic to machines that provide public
services on specific ports. Thus, ingress filtering should be
performed at the border to prohibit externally initiated inbound
traffic to non-authorized services.

Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need for
machines providing public services to initiate outbound connections to
the Internet.

In the case of this worm, employing ingress and egress filtering can
help prevent compromised systems on your network from attacking
systems elsewhere. Blocking UDP datagrams with both source and
destination ports 1434 from entering or leaving your network reduces
the risk of external infected systems communicating with infected
hosts inside your network.


Recovering from a system compromise

If you believe a system under your administrative control has been
compromised, please follow the steps outlined in:

Steps for Recovering from a UNIX or NT System Compromise
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

27

28

Well now. Doesn't the morning come all too early? Yeah, that's right... Saturday morning... day off... I'm up at 5:00. Heh. It's oh so worth it though... I'm going to see my sweetie. The only thing keeping me from falling on a sharp object right now is the Diet Dr. Pepper drip that is leading me to serious espresso goodness. My hair looks like a munchichi on miracle grow. Christina is supposed to cut my hair today, but I know that if my hair isn't under control by early afternoon, EL is going to throw me in our little tea-house salon and tell them not to let me out with some fixin. This is serious. I'd take another photo to show you, but I don't have a wide angle lens to capture the troll-doll head explosion going on within the crop of one image and my retard ass hasn't figured out how to do the panorama action feature thingy on my camera yet. Hell, I've had a Motorola i90c for about a year and I didn't even know I had a calendar on it until EL programmed some shit in there. Simple is better. Oh yeah, before I forget... some lady on the plane last time saw me playing solitaire and said that I should try to play FreeCell game number 617. I did. It kicked my ass. If you have won FreeCell game number 617, my hat goes off to you... if I was wearing a hat. Actually, I am going to wear a hat this morning so my hat can actually come off for you... but you probably won’t beat it anyway. Muhahahaha. Stupid game. Anyhoo, I need more caffeine and something to eat. I was actually too tired to eat last night. How that happens I have no idea, but it did. I'm hungry enough to eat a <insert some cool cliché noun here to signify I'm starving>! You see!? I'm too hungry to think of something cool like "I'm hungry enough to eat the ass out of a dead rhino!" or "I'm hungry enough to chew the crotch out of a rag doll!" or "I’m hungry enough to eat erasers!" or "I'm hungry enough to eat the south end of a north bound skunk!"... etc. None of those were original. I need to go to the airport. Cheers!

29

Standby for craziness. I *just* got home from work. Fuck that. It's Friday. The only redeeming factor is that my life here isn't worth much these days without Erin Lynn. I'm hungry and tired and have a ton of things to do before my early flight in the morning. How craptastic is that? I can't wait to see her. How can the space time continuum get so whacked out by emotion that 4 days seems like 3 years? Éclair is at the sitters. I have somehow managed to throw my landlords a piece of raw meat to appease them for a while regarding the house issue. The untidiness of my home office only reaffirms that I am useless these days when I get home from work. I would kill for a massage. Seriously. I can't remember the last time I received a massage and my muscles are like little knots in a basket. I seriously dislike Micro$oft Windows and seriously love Linux. I have tried every possible way to avoid using Windows in the office because of it's inefficiency in the capacity of my use. Today was the last straw. I work through my frustration with my work computer in waves. Tolerance to intolerance over time. I am at the peak of the sinusoid of intolerance. Here is the sequence of events as I recall through bloodshot eyes: Clayton goes to work. Clayton's computer experiences BSOD in the middle of an important packet capture that costs him hours of troubleshooting time (for the uninformed, BSOD is near the heart of all Windows users... Blue Screen of Death). Clayton curses a lot. Clayton reboots into his Linux partition and everything works flawlessly. Clayton needs to use corporate resources that are under the influence of the Dark Side. Clayton embraces VMWare once more and runs Windows XP Professional in a tiny window on his robust Linux desktop. Clayton shoots "the bird" at the tiny XP window on his desktop. Clayton thanks God for Linux. The End. At least I'm home.

Will this work day ever end?

Who is that masked man?














You know, the monkey wasn't always in space.

"As you know, the concept of the suction pump is centuries old. And really, that's all this is, except that instead of sucking water, I'm sucking life. I've just sucked one year of your life away. I might one day go as high as five, but I really don't know what that would do to you, so let's just start with what we have. What did this do to you? Tell me. And remember, this is for posterity, so... be honest. How do you feel?" - Count Rugen (The Princess Bride)

Corporate politics are sucking the life out of me. They just sucked one year of my life away. They might one day go as high as five, but I really don't know what that would do to me. I'm just trying to deal with what I have. It feels terrible.

good morning...

30

Variation on the Word Sleep (Margaret Atwood )
I would like to watch you sleeping.
I would like to watch you,
sleeping. I would like to sleep
with you, to enter
your sleep as its smooth dark wave
slides over my head

and walk with you through that lucent
wavering forest of bluegreen leaves
with its watery sun and three moons
towards the cave where you must descend,
towards your worst fear

I would like to give you the silver
branch, the small white flower, the one
word that will protect you
from the grief at the center
of your dream, from the grief
at the center. I would like to follow
you up the long stairway
again & become
the boat that would row you back
carefully, a flame
in two cupped hands
to where your body lies
beside me, and you enter
it as easily as breathing in

I would like to be the air
that inhabits you for a moment
only. I would like to be that unnoticed
and that necessary
______________

"There are three kinds of men. The ones who learn by reading. The few who learn by observation. The rest of them have to pee on the electric fence." - Will Rogers
I just got off the phone with my sweetie and I'm headed for sleepytime. I can't believe what a big deal Houstonians are making of this weather. It's supposed to be in the low 20's tonight. ANNNND? I wonder what would happen if one day Houston got a taste of the 30 or 40 below I used to live with during the upstate New York winters. I'm glad tomorrow is Friday. This week has been in a blender. Task accomplishment has been like walking to the store on a treadmill. I do a lot of stuff... I just don't walk very far. I have tax paperwork to correct from a huge goof last year, I have bills to pay, I have a checkbook to balance, I have laundry to do, I have a couple of pets that need to go to the vet for a checkup and booster, I have some home repair to do, I have projects at work that need some extra effort, I have professional commitments to attend to (like my CCIE recert that is due REAL soon now)... this list goes on and on... the only "I have" on there that seems to get any attention these days is the "I have an amazing girlfriend that I miss immensely and continually." Oh, here's a new one... I have to get some sleep. Ciao.